
[SECURITY] Fedora Core 6 Update: gnupg-1.4.6-2



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1406
2006-12-06
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : gnupg
Version     : 1.4.6
Release     : 2
Summary     : A GNU utility for secure communication and data storage.
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).

---------------------------------------------------------------------
Update Information:

This update upgrades GnuPG to version 1.4.6, incorporating
fixes for a potential buffer overflow (CVE-2006-6169) and
referencing of a stack variable after it passes out of scope
(CVE-2006-6235).
---------------------------------------------------------------------
* Wed Dec  6 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.6-2
- rebuild
* Wed Dec  6 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.6-1
- update to 1.4.6, incorporating fixes for CVE-2006-6169 and CVE-2006-6235
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-13
- apply the termlib patch again
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-12
- don't apply the non-security termlib patch
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-11
- rebuild
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-10
- incorporate patch from Werner to fix use of stack variable after it goes
  out of scope (CVE-2006-6235, #218483)
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-9
- rebuild
- give configure a --with-termlib option which can be used to force the
  selection of libtermcap or libncurses, but don't flip the switch yet
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-8
- rebuild
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-7
- rebuild
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-6
- add patch for overflow in openfile.c from Werner's mail
  (CVE-2006-6169, #218506)
* Tue Oct 31 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-5
- rebuild against current libcurl
* Fri Aug 18 2006 Jesse Keating <jkeating redhat com> - 1.4.5-4
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
  (#203001)
* Tue Aug  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-3
- rebuild
* Tue Aug  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-2
- rebuild
- reenable curl support
* Tue Aug  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-1
- update to 1.4.5, fixing additional size overflows in packet parsing (#200904,
  CVE-2006-3746)
- temporarily disable curl support again
* Fri Jul 28 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4.90-1
- update to 1.4.5rc1 to check for build problems, but mark it as 1.4.4.90
  to avoid looking "newer" than the eventual 1.4.5
- because we call aclocal, buildrequire gettext-devel to get AM_GNU_GETTEXT
* Thu Jul 20 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-7
- add BuildPrereq on curl-devel to get curl's ipv6 support (#198375)
* Wed Jul 12 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-6
- fix a cast in gpgkeys_hkp to avoid tripping stack smashing or buffer overflow
  detection (#198612)
* Wed Jul 12 2006 Jesse Keating <jkeating redhat com> - 1.4.4-5.1
- rebuild
* Wed Jul  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-5
- try again using per-platform buildprereq (jkeating)
* Wed Jul  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-4
- buildprereq libusb-devel, so that we get CCID support back (#197450)
* Mon Jun 26 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-3
- rebuild
* Mon Jun 26 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-2
- rebuild
* Mon Jun 26 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-1
- update to 1.4.4
* Tue Jun 20 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.3-5
- rebuild
* Tue Jun 20 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.3-4
- add patch from upstream to fix CVE-2006-3082 (#195946)
* Tue Apr 11 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.3-3
- rebuild
* Tue Apr 11 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.3-2
- apply patch from David Shaw to try multiple defaults if the photo-viewer
  option isn't set (fixes #187880)
* Fri Mar 10 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.3-1
- update to 1.4.3
* Fri Mar 10 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.2.2-2
- rebuild
* Fri Mar 10 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.2.2-1
- update to 1.4.2.2 to fix detection of unsigned data (CVE-2006-0049, #185111)
* Mon Feb 20 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.2.1-4
- rebuild
* Mon Feb 20 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.2.1-3
- add patch from David Shaw to fix error reading keyrings created with older
  versions of GnuPG (Enrico Scholz, #182163)
* Wed Feb 15 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.2.1-2
- rebuild
* Wed Feb 15 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.2.1-1
- update to 1.4.2.1 (fixes CVE-2006-0455)
* Fri Feb 10 2006 Jesse Keating <jkeating redhat com> - 1.4.2-3.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb  7 2006 Jesse Keating <jkeating redhat com> - 1.4.2-3.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec  9 2005 Jesse Keating <jkeating redhat com>
- rebuilt
* Tue Aug  9 2005 Nalin Dahyabhai <nalin redhat com> 1.4.2-3
- don't override libexecdir any more; we don't need to (#165462)
* Thu Aug  4 2005 Nalin Dahyabhai <nalin redhat com> 1.4.2-2
- pull in David Shaw's fix for key generation in batch mode
* Fri Jul 29 2005 Nalin Dahyabhai <nalin redhat com>
- change %post to check if the info files are there before attempting to
  add or remove them from the info index (#91641)
* Wed Jul 27 2005 Nalin Dahyabhai <nalin redhat com> 1.4.2-1
- update to 1.4.2
* Thu May  5 2005 Nalin Dahyabhai <nalin redhat com> 1.4.1-3
- fix the execstack problem correctly this time (arjanv)
* Thu Apr 28 2005 Nalin Dahyabhai <nalin redhat com> 1.4.1-2
- add -Wa,--noexecstack back to CFLAGS when invoking configure, the
  --enable-noexecstack flag only seems to affect asm modules
* Wed Mar 16 2005 Nalin Dahyabhai <nalin redhat com> 1.4.1-1
- update to 1.4.1
* Tue Mar  8 2005 Nalin Dahyabhai <nalin redhat com> 1.4.0-2
- build asm modules with -Wa,--noexecstack
* Mon Jan 24 2005 Nalin Dahyabhai <nalin redhat com> 1.4.0-1
- comment out libusb-devel req for now so that we can build
- build the mpi asm modules with gcc, not a cpp/as setup so that we don't end
  up with text relocations in the resulting binaries (#145836)
* Wed Dec 22 2004 Nalin Dahyabhai <nalin redhat com>
- update to 1.4.0
* Mon Nov  1 2004 Nalin Dahyabhai <nalin redhat com>
- add a pile of buildprereq
* Mon Nov  1 2004 Robert Scheck <redhat linuxnetz de> 1.2.6-2
- set LANG=C before running shm coprocessing build-time check (#129873)
* Thu Aug 26 2004 Nalin Dahyabhai <nalin redhat com> 1.2.6-1
- update to 1.2.6
* Tue Jul 27 2004 Nalin Dahyabhai <nalin redhat com>
- update to 1.2.5
- reenable optimization on ppc64
* Tue Jun 15 2004 Elliot Lee <sopwith redhat com>
- rebuilt
* Tue Mar  2 2004 Elliot Lee <sopwith redhat com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith redhat com>
- rebuilt
* Fri Feb  6 2004 Nalin Dahyabhai <nalin redhat com> 1.2.4-1
- update to 1.2.4, dropping separate ElGamal disabling patch
* Fri Dec 12 2003 Nalin Dahyabhai <nalin redhat com> 1.2.3-3
- rebuild
* Mon Dec  1 2003 Nalin Dahyabhai <nalin redhat com> 1.2.3-2
- incorporate patch from gnupg-announce which removes the ability to create
  ElGamal encrypt+sign keys or to sign messages with such keys
* Mon Oct 27 2003 Nalin Dahyabhai <nalin redhat com> 1.2.3-1
- use -fPIE instead of -fpie because some arches need it
* Mon Oct 27 2003 Nalin Dahyabhai <nalin redhat com>
- build gnupg as a position-independent executable (Arjan van de Ven)
* Mon Aug 25 2003 Nalin Dahyabhai <nalin redhat com>
- add Werner's key as a source file
* Fri Aug 22 2003 Nalin Dahyabhai <nalin redhat com>
- update to 1.2.3
* Thu Jun 19 2003 Nalin Dahyabhai <nalin redhat com> 1.2.2-3
- disable asm and optimization on ppc64
* Fri Jun 13 2003 Nalin Dahyabhai <nalin redhat com>
- add a build-time check to ensure that shm coprocessing was enabled
* Wed Jun  4 2003 Elliot Lee <sopwith redhat com>
- rebuilt
* Mon May  5 2003 Nalin Dahyabhai <nalin redhat com> 1.2.2-1
- update to 1.2.2, fixing CAN-2003-0255
* Thu May  1 2003 Elliot Lee <sopwith redhat com> 1.2.1-5
- Add ppc64 patch to fix up global symbol names in assembly
* Fri Feb 28 2003 Kevin Sonney <ksonney redhat com> 1.2.1-4
- remove autoconf call on sparc
* Fri Feb  7 2003 Nalin Dahyabhai <nalin redhat com> 1.2.1-3
- modify g10defs to look for helpers in libexecdir, because that's where they
  get installed, per gnupg-users
- actually drop updates for 1.0.7 which are no longer needed for 1.2.1
* Wed Jan 22 2003 Tim Powers <timp redhat com>
- rebuilt
* Mon Oct 28 2002 Nalin Dahyabhai <nalin redhat com> 1.2.1-1
- update to 1.2.1
* Tue Sep 24 2002 Nalin Dahyabhai <nalin redhat com> 1.2.0-1
- update to 1.2.0
- stop stripping files manually, let the buildroot policies handle it
- add translations updates ca and fr
* Tue Aug 27 2002 Nalin Dahyabhai <nalin redhat com> 1.0.7-6
- rebuild
* Wed Jul 24 2002 Nalin Dahyabhai <nalin redhat com> 1.0.7-5
- specify a menu entry when installing info pages
* Wed Jul 24 2002 Nalin Dahyabhai <nalin redhat com> 1.0.7-4
- add and install info pages (#67931)
- don't include two copies of the faq, add new doc files (#67931)
* Fri Jun 21 2002 Tim Powers <timp redhat com>
- automated rebuild
* Sun May 26 2002 Tim Powers <timp redhat com>
- automated rebuild
* Tue Apr 30 2002 Nalin Dahyabhai <nalin redhat com> 1.0.7-1
- update to 1.0.7
* Fri Feb 22 2002 Nalin Dahyabhai <nalin redhat com> 1.0.6-5
- rebuild
* Wed Jan 23 2002 Nalin Dahyabhai <nalin redhat com> 1.0.6-4
- make the codeset patch unconditional
* Thu Aug  9 2001 Nalin Dahyabhai <nalin redhat com> 1.0.6-3
- set message output encoding to match the message encoding, based on a
  patch by goeran uddeborg pp se (#49182)
* Sun Jun 24 2001 Elliot Lee <sopwith redhat com> 1.0.6-2
- Bump release + rebuild.
* Wed May 30 2001 Nalin Dahyabhai <nalin redhat com> 1.0.6-1
- update to 1.0.6, fixes format string exploit
* Mon Apr 30 2001 Nalin Dahyabhai <nalin redhat com>
- update to 1.0.5, dropping various patches
* Tue Feb 27 2001 Trond Eivind Glomsrød <teg redhat com>
- langify
- strip binaries in /usr/lib/gnupg
* Tue Feb 27 2001 Nalin Dahyabhai <nalin redhat com>
- fix the group
* Mon Dec 18 2000 Nalin Dahyabhai <nalin redhat com>
- go with this version -- 1.0.4c includes a lot of changes beyond just the
  two security fixes
* Thu Dec 14 2000 Nalin Dahyabhai <nalin redhat com>
- add the --allow-secret-key-import patch from CVS in case we don't get a 1.0.5
* Fri Dec  8 2000 Nalin Dahyabhai <nalin redhat com>
- build as an errata for 7
* Fri Dec  1 2000 Nalin Dahyabhai <nalin redhat com>
- add a security patch for a problem with detached signature verification...
  might hold off for an impending 1.0.5, though
* Thu Oct 19 2000 Nalin Dahyabhai <nalin redhat com>
- fix a bug preventing creation of .gnupg directories
* Wed Oct 18 2000 Nalin Dahyabhai <nalin redhat com>
- add patch to recognize AES signatures properly (#19312)
- add gpgv to the package
* Tue Oct 17 2000 Nalin Dahyabhai <nalin redhat com>
- update to 1.0.4 to get security fix
* Tue Oct 10 2000 Nalin Dahyabhai <nalin redhat com>
- fix man page typos (#18797)
* Thu Sep 21 2000 Nalin Dahyabhai <nalin redhat com>
- update to 1.0.3
- switch to bundled copy of the man page
* Wed Aug 30 2000 Matt Wilson <msw redhat com>
- rebuild to cope with glibc locale binary incompatibility, again
* Wed Aug 16 2000 Nalin Dahyabhai <nalin redhat com>
- revert locale patch (#16222)
* Tue Aug 15 2000 Nalin Dahyabhai <nalin redhat com>
- set all locale data instead of LC_MESSAGES and LC_TIME (#16222)
* Sun Jul 23 2000 Nalin Dahyabhai <nalin redhat com>
- update to 1.0.2
* Wed Jul 19 2000 Jakub Jelinek <jakub redhat com>
- rebuild to cope with glibc locale binary incompatibility
* Thu Jul 13 2000 Prospector <bugzilla redhat com>
- automatic rebuild
* Wed Jul 12 2000 Nalin Dahyabhai <nalin redhat com>
- include lspgpot (#13772)
* Mon Jun  5 2000 Nalin Dahyabhai <nalin redhat com>
- rebuild in new build environment
* Fri Feb 18 2000 Bill Nottingham <notting redhat com>
- build of 1.0.1
* Fri Sep 10 1999 Cristian Gafton <gafton redhat com>
- version 1.0.0 build for 6.1us

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

